data/reports/GO-2020-0047.yaml - vulndb - Git at Google

 id: GO-2020-0047
 modules:
     - module: github.com/RobotsAndPencils/go-saml
       vulnerable_at: 0.0.0-20170520135329-fb13cb52a46b
       packages:
         - package: github.com/RobotsAndPencils/go-saml
           symbols:
             - AuthnRequest.Validate
             - NewAuthnRequest
             - NewSignedResponse
           derived_symbols:
             - ServiceProviderSettings.GetAuthnRequest
 summary: Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
 description: |-
     XML Digital Signatures generated and validated using this package use SHA-1,
     which may allow an attacker to craft inputs which cause hash collisions
     depending on their control over the input.
 published: 2021-04-14T20:04:52Z
 ghsas:
     - GHSA-5rhg-xhgr-5hfj
 references:
     - web: https://github.com/RobotsAndPencils/go-saml/pull/38
 cve_metadata:
     id: CVE-2020-36563
     cwe: 'CWE 328: Use of Weak Hash'
	id: GO-2020-0047
	modules:
	- module: github.com/RobotsAndPencils/go-saml
	vulnerable_at: 0.0.0-20170520135329-fb13cb52a46b
	packages:
	- package: github.com/RobotsAndPencils/go-saml
	symbols:
	- AuthnRequest.Validate
	- NewAuthnRequest
	- NewSignedResponse
	derived_symbols:
	- ServiceProviderSettings.GetAuthnRequest
	summary: Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
	description: \|-
	XML Digital Signatures generated and validated using this package use SHA-1,
	which may allow an attacker to craft inputs which cause hash collisions
	depending on their control over the input.
	published: 2021-04-14T20:04:52Z
	ghsas:
	- GHSA-5rhg-xhgr-5hfj
	references:
	- web: https://github.com/RobotsAndPencils/go-saml/pull/38
	cve_metadata:
	id: CVE-2020-36563
	cwe: 'CWE 328: Use of Weak Hash'